beamng_drive.exe

Gamalafoci

Morava Group

The application beamng_drive.exe, "Gamalafoci Setup" by Morava Group, has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners (Reason Heuristics), which treats the file as a potential threat. The program is an Inno Setup installer that embeds the InstallCore engine, a download manager that may bundle additional software offers such as toolbars and browser extensions. Note that the filename imitates the game BeamNG.drive while the signed product and description name it "Gamalafoci Setup"; a filename that does not match the signed product name is worth treating as a lure rather than a packaging accident. The file has been seen being downloaded from www.filesdeliverybits.com.
Publisher:
Morava Group (signed and verified)

Product:
Gamalafoci

Description:
Gamalafoci Setup

Version:
1.3.1.7

MD5:
4397afd2e1b19c51de3d935bb17167ac

SHA-1:
318b8a4a63be0dcd7029d78d59b6e3358250e286

SHA-256:
accdbb4c25fde33da504184c4a728a606f8b23756a8e169901602698b61bae48

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
11/24/2024 7:34:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.InstallCore (M)

Engine version:
17.3.4.18

File size:
1.2 MB (1,238,680 bytes)

Product version:
5.1.2

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\beamng_drive.exe

Digital Signature
Signed by:
Morava Group
Authority:
GlobalSign nv-sa

Valid from:
3/7/2016 12:28:01 AM

Valid to:
3/8/2017 12:28:01 AM

Note: the certificate's validity window ended more than seven years before the analysis date. Whether the Authenticode signature still verifies after expiry depends on the file carrying a trusted timestamp countersignature, which this report does not record; re-check with the signature tooling of your choice rather than relying on the "signed and verified" label alone.

Subject:
CN=Morava Group, O=Morava Group, L=Towson, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121A83F14C1C6D435814D1A4B9EC949DB5C

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM (fixed value 0x2A425E19 written by the Delphi linker that Inno Setup is built with; it is not a real build time and cannot be used to date the sample)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9C40

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, 24, CE, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 24, CE...

Entropy:
7.9845 (close to the 8.0 maximum, as expected for an Inno Setup binary whose payload is compressed; high entropy alone does not separate a legitimate installer from a malicious one)

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
37 KB (37,888 bytes)
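
The indicators listed above (the three hashes, the fixed 1992 compilation timestamp, and the entropy figure) can be re-checked offline from the file itself. The following Python is an added example, not code from Reason Core or Morava Group: it uses the report's hash values as constants, parses the COFF header directly rather than through a PE library, and, when run without a path, builds a constructed minimal PE header so that it runs stand-alone.

```python
"""Offline triage of the indicators in this report: hashes, entropy, PE timestamp.
Added example; the hash constants are copied from the report above."""
import hashlib
import math
import struct
import sys
from collections import Counter

# Hashes of beamng_drive.exe as listed in the report.
REPORTED_HASHES = {
    "md5": "4397afd2e1b19c51de3d935bb17167ac",
    "sha1": "318b8a4a63be0dcd7029d78d59b6e3358250e286",
    "sha256": "accdbb4c25fde33da504184c4a728a606f8b23756a8e169901602698b61bae48",
}

# Fixed TimeDateStamp written by the Delphi linker used by Inno Setup:
# 0x2A425E19 = 1992-06-19 22:22:17 UTC (the report renders it in local time).
DELPHI_FIXED_TIMESTAMP = 0x2A425E19


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte buffer, lowercase hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_reported_sample(data: bytes) -> bool:
    """True if any computed hash equals the value the report lists."""
    computed = file_hashes(data)
    return any(computed[k] == v.lower() for k, v in REPORTED_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes.
    Compressed Inno Setup payloads sit near 8.0, so this alone proves nothing."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_timestamp(data: bytes) -> int:
    """COFF TimeDateStamp: MZ header -> e_lfanew at 0x3C -> 'PE\\0\\0', then
    Machine(2) + NumberOfSections(2) precede the 4-byte stamp."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def timestamp_is_usable(ts: int) -> bool:
    """A Delphi-linked binary carries the fixed 1992 stamp, which dates nothing."""
    return ts != DELPHI_FIXED_TIMESTAMP


def triage(data: bytes) -> dict:
    """Combine the checks into one record for a sample."""
    ts = pe_timestamp(data)
    return {
        "matches_report": matches_reported_sample(data),
        "entropy": round(shannon_entropy(data), 4),
        "timestamp": ts,
        "timestamp_usable": timestamp_is_usable(ts),
    }


def build_stub_pe(ts: int) -> bytes:
    """Constructed minimal DOS + COFF header (not a loadable binary) for offline runs."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    # Machine=i386, 1 section, stamp, no symbols, optional-header size 0xE0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 0xE0, 0x102)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            sample = fh.read()
    else:
        sample = build_stub_pe(DELPHI_FIXED_TIMESTAMP)  # constructed input
    print(triage(sample))
```

Run it against the downloaded file to confirm the hashes match the report before trusting any other field; for a genuine Inno Setup build the timestamp check reports the stamp as unusable, so date the sample from the certificate validity window and first-seen data instead.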

The file beamng_drive.exe has been observed being distributed from the following URL.

http://www.filesdeliverybits.com/A 8_ecg416mLin_CK8jsmNY1UgYd7vtVclUf vjA168 quyhZyWglsk2Q4dl F2WRnu5IKkAsTsHTpFWehGH7T8ULVGSd4ps O74DJnu wH7Zb_so073nGEMMaARGLvIFVnre4e_161n13z96S 20cVHcog5LOwQMYOmNDF3AWII2DRh3_gT Defv_sn7Ftv7qmWiQdF6D_ZViQLx25RrGhdIrPdcjec1NXVZNlS6NN9Zd7z8qrc4AuaU278akxHJCjQBoRQeV3lq8VXK9uglpsgDdRf_zIyOWx6319e5vHBV2EBKAaGRJ_w6EyOLW71BITz3yFkgzKXuD_wF844iYZ4VUmvLVDiWMEdr1Awz_uoSuRMr1tB2rIDHxsGcitOk_5Yo2IErhKJXkzwzpJEXxVpZfmxSQtUOIFsgSVwO7JZhLyHYpFZ4OQa9D eZt18lUOeOYVTA6kkaKAQbsVpHtLCWj4PZmAGiv1RkvCv5ai_TBDKkffpOCU76I7yP_srU47EwKbc-GzQAAERPFhNCV0xRRRM yVTgkAOH79SWBGqBQ07oOxRkucaby0SnfAhKTog9UfSGVXowHg==

Powered by Reason Core Security